Threat hunters. Fancy role with an even fancier name! So very often enterprise security boils down to the latest fixes and patches, backed up by strong corporate rules.
But there is talk now of another valuable line of defense.
Cybersecurity attacks continue to evolve, even as organizations set up new layers of technology and automation. This has led to the belief that the current environment calls for a new category of employee.
One dubbed the threat hunter.
In simpler terms, the mission of these new personnel is to find the security incidents automated systems miss. The aim here is to strengthen security operations centers (SOCs) that are a focal point for threat detection and incident response activities for a company.
This evolution is said to be part of the progression over the years from a bunch of people in cubicles in these SOCs to a seamlessly integrated blend of manual and automated systems.
Johna Till Johnson, CEO of Nemertes Research, has been pushing for the need for threat hunters, and she had this to say:
“Only about 10% of the security organizations we talk with operate at the anticipatory level, but part of being anticipatory is preparing for threats that don’t yet exist, or are newly emerging. Without the threat hunters, it’s very difficult to be anticipatory.”
Chief Information Security Officers, typically known as CISOs, are usually tasked with staffing and operating a SOC for an organization, and they now face the additional challenge of hiring and managing threat hunter talent that is currently very scarce.
But it is believed that they will need to do just that to reach the highest levels of preparedness a modern business demands.
You can read more on this interesting new paradigm in this detailed article, which goes over everything from the characteristics of a threat hunter to how to set up a team of them.